What is ISO 27001?

The ISO 27001 standard was published in October 2005, essentially replacing the old BS7799-2 standard. It is the specification for an ISMS, an Information Security Management System. BS7799 itself was a long-standing standard, first published in the nineties as a code of practice. The objective of the standard itself is to "provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an Information Security Management System".

ISO/IEC 27001 is a security certification standard published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) in October 2005. Developed to provide a model for establishing, implementing, operating, monitoring, and maintaining an information security management system, it is widely recognized as the highest security standard in the industry for examining the efficacy of an organization’s overall security posture.